IT Security Weekend Catch Up – June 13, 2020

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Agencies spending millions on ‘Crossbow’ spy tech, an upgraded Stingray
  2. LAPD got tech demos from Israeli phone hacking firm NSO Group
  3. Obscure Indian cyber firm spied on politicians, investors worldwide
  4. How companies are using your data against you
  5. Google’s indexing of WhatsApp numbers raises privacy concerns
  6. Fake SpaceX YouTube channels scam viewers out of $150K in bitcoin
  7. Man admits to “spoof” email fraud scheme + more information
  8. Alabama city hit with ransomware

For the more technical

  1. Security tests of web application (PDF)
  2. CallStranger: Data exfiltration & reflected amplified TCP DDOS & port scan via UPnP SUBSCRIBE Callback
  3. SMBleed: A new critical vulnerability affects Windows SMB protocol
  4. PoC RCE exploit for SMBGhost Windows flaw released
  5. Group policies going rogue
  6. Microsoft June 2020 Patch Tuesday
  7. Cmd Hijack – a command/argument confusion with path traversal in cmd.exe
  8. Mozilla Firefox SharedWorkerService code execution vulnerability
  9. SGAxe: How SGX fails in practice (PDF)
  10. New CrossTalk attack impacts Intel’s mobile, desktop, and server CPUs
  11. Arm CPUs impacted by rare side-channel attack
  12. CVE-2020-13777 GnuTLS audit: be scared
  13. The dark reality of open source (PDF)
  14. Legacy LVFS S3 bucket takeover and CVE-2020-10759 fwupd signature verification bypass
  15. Misconfigured Amazon S3 buckets continue to be a launchpad for malicious code
  16. Misconfigured Kubeflow workloads are a security risk
  17. An insider view into the increasingly complex Kingminer botnet (PDF)
  18. The A1 Telekom Austria hack
  19. Power company Enel Group suffers Snake ransomware attack
  20. Honda investigates possible ransomware attack, networks impacted
  21. Maze ransomware adds Ragnar Locker to its extortion cartel
  22. German task force for COVID-19 medical equipment targeted in ongoing phishing campaign
  23. Office 365 phishing baits remote workers with fake VPN configs
  24. Italian company earned up to $500,000 helping cybercriminals to deliver malware
  25. Beauty and the (fraud) beast
  26. Fake COVID-19 contact tracing apps used to download malware that monitors devices, steals personal data
  27. iCloud backups, synced data and end-to-end encryption
  28. Password Manager Resources
  29. Spies can eavesdrop by watching a light bulb’s vibrations

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
